Saying personal information for more than 230,000 clients is at risk, three midstate residents are trying to mount a federal class-action lawsuit over a security breach at a Cumberland County-based payroll services firm.

All three plaintiffs in the suit, Daniel Storm of Lexington, Ky., Holly White of Lancaster, and Doris McMichael of New Cumberland, work for employers who used Paytime. The call on whether to certify the suit as a class action, making other Paytime customers parties to the case, will rest with Judge John E. Jones III.

Storm, White and McMichael contend that Paytime was negligent for not preventing the breach, not promptly detecting it, and delaying informing customers of the problem. The breach has put Paytime's customers at heightened exposure to identity theft, the three claim.

They seek unspecified monetary damages and want the court to require Paytime to provide the affected customers with credit and bank monitoring services for 25 years.

Paytime has not yet filed a reply to the suit with the court. However, Lindsay Strathmeyer, its manager of HR applications, provided the following statement from the company regarding the case Friday morning:

"As Central Pennsylvania communities are aware, Paytime has been taking, and continues to take the matter of the data security incident very seriously. We are working with internal and third party investigators, the Secret Service, incident response vendors, our business partners, our staff, our clients, their employees and the community to address the concerns and issues that may exist. Now that a complaint has been filed, we must respect the judicial process. There is a formal process we must follow to address the allegations and accusations in the complaint. At this time we are not free to discuss this further. We are confident our good faith efforts to preserve the security and confidentiality of information in our control will prevail in this matter."

Paytime's vice president of sales and marketing, Chris Haverstick, told PennLive last month that the firm didn't drag its feet in dealing with the breach. Federal law enforcement agencies were notified as soon at the problem was discovered, he said, and alerts were issued once at-risk customers were identified.

Company officials have said the cyber attack was mounted by skilled hackers with foreign IP addresses. The firm has offered a free year of credit monitoring and identity restoration services for those affected.

Employees of public libraries in Cumberland, Dauphin and York counties, along with workers in several local municipalities, including Silver Spring and East Pennsboro townships and Carlisle and Dillsburg, also had personal information exposed by the Paytime breach.

Featured Story

Get 'Today's Front Page' in your inbox

This newsletter is sent every morning at 6 a.m. and includes the morning's top stories, a full list of obituaries, links to comics and puzzles and the most recent news, sports and entertainment headlines.

optionalCheck here if you do not want to receive additional email offers and information.See our privacy policy

Thank you for signing up for 'Today's Front Page'

To view and subscribe to any of our other newsletters, please click here.